Articles of interest from the week of May 22, 2023

Inactive Accounts Pose Significant Account Takeover Security Risks

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital security and identity. (CSO Online)

"There are three ways orgs generally get hacked: account compromise, malware, and vulnerabilities. This article nails the issue with old accounts and the need to review and prune them regularly." – Jason Ingalls, CEO at Ingalls Information Security

GitLab 'Strongly Recommends' Patching Max Severity Flaw ASAP

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825. GitLab is a web-based Git repository for developer teams that need to manage their code remotely and has approximately 30 million registered users and one million paying customers. (Bleeping Computer)

Coca-Cola Bottler Reportedly Hit With Ransomware

Russia-linked cybercriminal cartel Black Basta supposedly breached Viking Coca-Cola, a US-based manufacturing company specializing in bottles and cans. The company is one of the largest Coca-Cola bottlers in the US. (CyberNews)

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said. Some of the prominent sectors targeted include communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education. (The Hacker News)

AI Fake of Pentagon Explosion Goes Viral on Twitter 

A fake AI-generated image showing a purported fiery explosion at the Pentagon in Washington DC goes viral on Twitter, highlighting the real problem with Musk’s Twitter Blue 'pay-to-be-verified' checkmark program. (Cyber News)